Detect and report missing secret errors in agent failure issues

[Copilot]

When workflows fail due to missing secrets (e.g., MCP server authentication), the failure tracking issues now automatically detect and report these errors with actionable resolution steps.

Changes

Missing Secret Detection

• Scans MCP logs, safe-inputs logs, and firewall logs for authentication failures
• Parses JSON log entries to extract failed MCP server names
• Detects patterns: 401/403 errors, missing credentials, invalid tokens

Enhanced Failure Issues

• Adds "⚠️ Missing Secrets Detected" section listing specific MCP server failures
• Includes resolution steps with gh aw mcp inspect --check-secrets command
• Links to workflow health monitoring runbook

Artifact Pipeline

• Downloads agent-artifacts in conclusion job before failure handler runs
• Makes diagnostic logs available at /tmp/gh-aw/{mcp-logs,safe-inputs/logs,sandbox/firewall/logs}/

Example Output

### ⚠️ Missing Secrets Detected

The following authentication or credential issues were detected:

- MCP server 'github' failed to start (likely missing credentials or authentication failure)

**Resolution Steps:**
1. Check workflow configuration for required secrets
2. Verify secrets in repository settings: **Settings** → **Secrets and variables** → **Actions**
3. Use `gh aw mcp inspect <workflow-name> --check-secrets` to validate
4. See [Workflow Health Monitoring Runbook](https://github.com/githubnext/gh-aw/blob/main/.github/aw/runbooks/workflow-health.md)

Files Modified

• actions/setup/js/handle_agent_failure.cjs - Detection logic
• pkg/workflow/notify_comment.go - Artifact download
• .github/aw/runbooks/workflow-health.md - Documentation

Original prompt

@copilot import the "handle agent failure" to also report missing secret errors.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.